Education Sector’s Ransomware Recovery Costs Skyrocket, Despite Fewer Attacks Overall

OXFORD, U.K. — 九月 12, 2024 —

Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released findings from its annual sector survey report, “The State of Ransomware in Education 2024.” According to the report, the median ransom payment was $6.6 million for lower education and $4.4 million for higher education organizations. In addition, the survey states that 55% of lower education respondents and 67% of higher education respondents paid more than the initial demand.

Ransomware attacks are causing more of a strain as only 30% of ransomware victims surveyed in both lower and higher education were able to fully recover in a week or less, down from last year’s 33% (lower education) and 40% (higher education). This slowing recovery rate is likely due to education organizations operating with limited teams and resources, making it harder for them to coordinate recovery efforts.

“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high pressure situations if they are hit and destabilized by ransomware. Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” said Chester Wisniewski, director, field CTO, Sophos.

“We also know that ransomware attackers have upped the ante when it comes to getting paid. Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it is clear that the data cannot be recovered without the decryption key.”

In fact, 95% of respondents said that cybercriminals tried to compromise their backups during the attack, with 71% being successful – the second highest backup compromise rate across all industry sectors. Having backups compromised also considerably increases recovery costs, with the total bill coming in five times higher in lower education and four times higher in higher education.

Despite difficult dealings with ransomware, the overall attack rate dropped over the last year. Sixty-three percent of lower education organizations and 66% of higher education organizations were hit by ransomware attacks – down from 80% and 79%, respectively. At the same time, the rate of data encryption has increased slightly, with eighty-five percent of attacks on lower education and 77% of attacks on higher education organizations resulting in data encryption, slightly up from the 81% and 73%, respectively, reported in the 2023 survey. Unfortunately, cybercriminals are not only encrypting data, they’re also stealing it, using it as leverage to further monetize the attack. Twenty-two percent of lower education organizations that had data encrypted said the data was also stolen, together with 18% in higher education.

The survey reveals that exploited vulnerabilities were the leading root cause of attacks in education, providing cybercriminals with a way into the network for 44% of lower education and 42% of higher education ransomware attacks.

Based on this Sophos survey data, schools and other educational organizations could benefit from a layered security approach that includes vulnerability scanning and patching prioritization guidance to reduce their attack surface, endpoint protection with anti-ransomware capabilities that automatically detect and stop attacks, and 24/7 human-led managed detection and response (MDR) services to neutralize advanced human-led attacks, ideally leveraging telemetry from backup solutions to detect and stop adversaries before they can cause damage.

“While there appears to be some positive progress towards combatting ransomware in the education sector, it’s concerning that the rate of data encryption continues to increase year after year, which suggests educational organizations need to continue working towards improving their ransomware resilience. With stretched resources and limited budgets, education organizations need to focus on the controls that will have the greatest impact. With the median ransomware recovery cost for education now hitting $3 million, it’s clear that investing in strong prevention and protection solution can considerably reduce the overall financial impact of cyber to educational organizations,” said Wisniewski.

Sophos’ report this year incorporates new areas of study: insight into the role of law enforcement in ransomware remediation for education providers. Ninety-nine percent of lower education and 98% of higher education organizations engaged with law enforcement and/or official government bodies following a ransomware attack. As a result, 64% of lower education organizations and 66% of higher education organizations benefitted from advice about dealing with the attack. Sixty-one percent of lower and higher education organizations received help and support investigating the attack, and nearly 49% of lower education organizations and 48% of higher education organizations sought law enforcement’s help recovering data encrypted in the attack.

Data for the State of Ransomware in Education 2024 report comes from a vendor-agnostic survey of 600 cybersecurity/IT leaders working in the education sector conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees.

Read the full State of Ransomware in Education 2024 report on Sophos.com for additional global findings and data by sector.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。